System and method for managing a computing cluster

ABSTRACT

A method and system for managing a computing cluster including hosting a plurality of machines in a networked computing cluster, wherein the plurality of machines include service instances running on hosts, where the services have configured machine state; and wherein machine state includes configuration data and software of the machine; integrating the plurality of machines of the cluster with at least one configuration controller component; and the at least one configuration controller component, altering the machine state of at least one service instance.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 61/357,938, filed 23 Jun. 2010, titled “SYSTEM AND METHOD FOR MANAGING A PLURALITY OF HOSTS” which is incorporated in its entirety by this reference.

TECHNICAL FIELD

This invention relates generally to the cloud-computing field, and more specifically to a new and useful method and system for managing a computing cluster in the cloud-computing field.

BACKGROUND

There are increasingly more and more cloud-based services and platforms. While the use of cloud computing has been influential in allowing new products to be developed and built, management of a computing cluster on which the service or platform runs is still a challenge. Each machine or device in the computing cluster typically has its configuration set individually. However, changes in other machines can impact how one might configure a particular machine, and synthesizing such information is not easily accomplished. Thus, there is a need in the cloud-computing field to create a new and useful method and system for managing a computing cluster. This invention provides such a new and useful method and system.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a schematic representation of a method of a preferred embodiment;

FIG. 2 is a schematic representation of a variation with publication/subscription communication of a preferred embodiment;

FIG. 3 is a schematic representation of a variation with content delivery network communication of a preferred embodiment;

FIGS. 4A-4C are schematic representations of configuration controller architectures;

FIG. 5 is a schematic representation of a finite state machine model processed by a configuration controller of a preferred embodiment;

FIG. 6 is a detailed schematic representation of computing cluster including a master device and a load balancer;

FIG. 7 is a detailed schematic representation of telephony computing cluster of a preferred embodiment;

FIG. 8 is a schematic representation of a method of a second preferred embodiment;

FIG. 9 is an exemplary representation of services implemented in the computing cluster;

FIG. 10 is a schematic representation of machine state of a session;

FIG. 11 is a an exemplary configuration file for the computing cluster;

FIG. 12 is a schematic representation of a dependency graph;

FIGS. 13 and 14 are schematic representations of a system of a preferred embodiment of the invention; and

FIG. 15 is an example API command from a user to generate a firewall rule set allowing access to running hosts in the cloud.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The following description of the preferred embodiments of the invention is not intended to limit the invention to these preferred embodiments, but rather to enable any person skilled in the art to make and use this invention.

1. Method of a First Embodiment for Managing a Computer Cluster

As shown in FIG. 1 a method for managing a computer cluster of a preferred embodiment includes hosting a plurality of machines in a networked computing cluster S110, connecting the plurality of machines of the cluster to a configuration controller S120, the configuration controller storing individual machine state for the plurality of machines S130, determining a new machine state from the state of the plurality of machines S140; and updating a machine in the computing cluster with the new machine state S150. The method functions to create an interface for easy monitoring, configuration, and/or orchestration of a computing cloud. More preferably, the method enables a machine to be reconfigured based on changes in other related machines in the cloud, not just changes for that particular machine. The method is preferably implemented in a system substantially similar to the one described below but may be implemented by any suitable system. In one preferred embodiment, the method is used with a computing cluster for a telephony platform, but the computing cluster may alternatively be for any suitable application. The machines are preferably managed and operated but may alternatively be part of a third party system(s) that are simply controlled through a configuration controller. The method preferably includes pushing new machine state to a machine. These steps preferably implement a publishing and subscribing model of communication, which functions to provide real-time control over the computing cluster.

Step S110, which includes hosting a plurality of machines in a networked computing cluster, functions to operate a plurality of devices or hosts that require orchestration. The computing cluster is preferably an internet based plurality of machines (i.e., hosts), but may alternatively be an internally networked plurality of machines. The machines preferably provide computing and/or storage capabilities. A machine is preferably a server but may alternatively be any suitable dedicated device or virtual device. A machine may alternatively be a virtual machine wherein a single device facilitates running a plurality of virtual machines. A machine is preferably configured with machine state to perform a particular task. In one preferred embodiment the computing cluster is used for a telephony platform. For a telephony platform, the plurality of machines is preferably composed of call routers, load balancers, call queues, media processors, message routing devices, resource databases, and/or any additional devices. The machines may alternatively be setup for any suitable type of computing cluster. The networked computer cluster is preferably hosted by the entity administering the method, but the computer cluster may alternatively be hosted on a third party platform, or the whole of the computer cluster may alternatively be distributed over a plurality of platforms or computing clusters. The entity administering the method preferably has some level of operational control of the machines composing the computing cluster, either directly, an API of third party service, or any suitable control mechanism.

Step S120, which includes connecting the plurality of machines of the cluster to a configuration controller, functions to create channels to send and receive messages between a central device (e.g., a configuration controller) and the devices making up a computing cluster infrastructure. The communication channels are preferably implemented through a pubsub infrastructure as shown in FIG. 2, but any suitable communication system may alternatively be used. As part of the pubsub infrastructure, Step S120 preferably includes subscribing to notifications of a plurality of machines S122 and receiving subscription requests from a plurality of machines S124. External or internal hub(s) may be used as a message broker for relaying published messaged to those who have a subscription. By subscribing to notifications of a machine, the configuration controller preferably receives operation information as the information is changed. A machine may have information actively requested from it. S122 may alternatively occur automatically, without receiving an instruction requesting the information. S122 preferably occurs whenever machine state (or operation) changes. For example, when the status of a machine changes such as due to an error, the machine preferably publishes the information, and the hub routes the information to the configuration controller because of the subscription to the machine. The configuration controller preferably maintains an updated database of machine state through such subscriptions as described in Step S130. Step S124 preferably functions to establish individual subscriptions of a machine to messages generated by the configuration controller. The configuration controller can preferably selectively publish messages to any suitable subset of the plurality of machines that have a subscription. This may be accomplished in a variety of ways. A machine may have a plurality of types of subscriptions, such as one subscription unique to messages for that machine, a subscription to messages directed to machines with a particular status, a subscription to messages directed to machines with a particular role, and/or any suitable subscription type. The subscriptions may alternatively be targeted through publication filtering. A subscription by the machine to the configuration controller preferably includes machine state. Information such as IP address (or any suitable identifier), role, status, or other operation information may additionally be communicated to the configuration controller. The machine state data of the configuration controller may be used to selectively publish information to hosts. For example, a plurality of machines may have individual subscriptions to the messages of a configuration controller. At some point in time, the configuration controller may only want to send a message to machines that have the role of a load balancer. The message is preferably only published to machines that have the role of a load balancer by filtering where the message is published. During communication data may be encrypted with a shared secret. A secret key or cryptographic code can be used to uniquely verifies communication between a machine and a configuration controller. The secret key is preferably supplied at boot time of the machine but may alternatively be established at any suitable time. The secret key is preferably included in communications between a host and the cloud manager or used to sign a communication. Any suitable authorization or security measures may alternatively be used. Other forms of communication may alternatively be used. In one variation, a content delivery network system is used as an intermediary for machine state sharing. Machines preferably post machine state to the content delivery network (CDN), and the configuration controller preferably pulls the machine state information from the CDN as shown in FIG. 3.

The configuration controller may have several variations of infrastructure. One preferred variation includes a single configuration controller machine integrated with the plurality of machines. A plurality of configuration controllers may additionally be used. In one variation, the configuration controller is implemented in an active-passive configuration as shown in FIG. 4A. In an active-passive configuration, one machine preferably acts as a primary configuration controller, and a second configuration controller preferably acts as a secondary configuration controller that can be used when needed. In yet another variation, the configuration controller is implemented in an active-active configuration as shown in FIG. 4B. In an active-active configuration there are a plurality of configuration controllers cooperatively managing the cluster. Machine state is preferably stored in a shared resource in this variation. In yet another variation, the machines of the cluster cooperatively function as the configuration controller in a peer-to-peer type configuration as shown in FIG. 4C. In this variation, a configuration controller service preferably runs on each machine. The configuration controller may alternatively have any suitable architecture and implementation.

Step S130, which includes the configuration controller storing individual machine state for the plurality of machines, functions to store state information for machines of the computing cluster. The configuration controller is preferably a device or platform from which computing cluster orchestration may be carried out. The configuration controller may itself be distributively hosted. Machine state of a machine preferably includes configuration data and software. The machine state may additionally include operational data. The operational data may be external to the machine. The configuration data is preferably similar to file system related data. The software is preferably the code or source code executed by the machine. The operational data is resources such as a database, media resources, persistent data, or any suitable data used in operation. The machine state may alternatively include any suitable combination of the configuration data, software, operational data, and/or other machine related data. The machines preferably publish changes in machine state to the configuration controller. Alternatively, the configuration controller may periodically poll the machines. In yet another alternative, the configuration controller pulls machine state from a CDN. The machine state is preferably stored in a database. The machine state database 124 may be any suitable database or device for storing data such as a mySQL database, JSON, or an XML file. The machine state database preferably stores a record for each machine including the machine state. This information may include internal and/or external IP addresses of the machines, status, role(s), capacity/load, and/or any suitable operation information. As discussed further below, the database may additionally store a security key for each machine to securely identify a machine. Current machine state is preferably stored, and additionally, past machine state may be stored as a version history of the machines. The version history is preferably the machine state from different points in time. These versions may be used in comparing the machine state from different times or from different machines and resolving problems.

Step S140, which includes determining a new machine state from the state of the plurality of machines, functions to calculate a next state for a machine based on overall state of the cluster. A new machine state is preferably calculated based on the current machine state. The new machine state is additionally or alternatively calculated based on the machine state of associated machines of the computing cluster. The associated machines are preferably machines that interact directly or indirectly with the machine. Machines may alternatively be associated based on shared machine state (e.g., having the same role or status). For example, two machines that are configured as indicated in the machine state to be load balancers may be associated with each other. Calculating a new machine state based on the machine state of at least a second machine enables the machines to be updated more intelligently. Additionally, a plurality of new machine states may be calculated for a plurality of machines. A new machine state may be any suitable change to a machine state. The configuration data may be changed. The software may change which may be an update to a new version of software or change in role. The operational data may change, such as changes in a database resource of a machine. In some variations, the new machine state may be a defined as provisioning a new machine to scale the computing cluster, reprovisioning a machine to a new role, restarting a machine, or deprovisioning a machine to scale down.

The calculation of a new machine state is preferably initiated by a change in the computing cluster. In one variation, calculation of a new machine state is due to the change in machine state as a result of operation. For example, if a machine encounters an error, then new machine states are preferably calculated for other machines to accommodate for the down machine. This may include provisioning a new machine with a previous machine state of the down machine, or could alternatively be a redistribution of the machines responsibilities to other machines. This transfer of responsibilities is preferably conveyed through the new machine states. Similarly the calculation of a new machine state may be due to the usage and/or capacity of the machine. Load and capacity may be communicated through the configuration data in the machine state. In another variation, calculation of a new machine state is due to outside initiation. The configuration controller preferably includes an API, which may be used by an outside system or operator. An operator may issue instructions to change elements of the computing cluster. For example, an instruction may be set to scale particular resources up or down, to update software, to change operational data, or perform any suitable orchestration instruction. The calculation of new machine state may alternatively or additionally be calculated using auto-provisioning, self healing and/or any suitable algorithm. A finite state machine may be run to determine the new machine state of a particular machine as shown in FIG. 5.

In one variation, the machines of the computing cluster include a plurality master devices each with a dedicated load balancers as shown in FIG. 6. Having a plurality of masters and load balancers distributes responsibility and creates a more scalable computing cluster. The master device preferably provides high-level services but may serve any suitable service. In a preferred embodiment where the computing cluster is a telephony platform, the master device is preferably a call router as shown in FIG. 7. The dependent machines may be any suitable support of load balanced machines such as media processors, caches, queues, proxy servers, or any suitable machines. The dependent machines (i.e., machines managed by each load balancer) are preferably conveyed in the machine state of the load balancer. Load balancers may be configured with new machine state based on changes in the machines for which they provide load balancing. Provisioning of a machine (e.g., provisioning a new machine, deallocating a machine, etc.) that is load balanced by a particular load balancer preferably causes a recalculation of machine state for at least one load balancer. When the load balancer is updated with the new machine state the load balancer and master device may be restarted to start load balancer of the changed dependent machines.

Step S150, which includes updating a machine in the computing cluster with the new machine state, functions to set the machine to the new machine state. The new machine state is preferably communicated to the machine through the established channels of communication. The new machine state is preferably published through a hub and distributed to machines that have the appropriate subscription established in Step S124. Publications may be filtered which functions to direct the new machine state to the appropriate machine(s). As discussed above, a new machine state can preferably be selectively published (or filtered) based on any suitable machine characteristic such as IP address (or ID), status, role, capacity/load and/or any suitable aspect. Once new machine state is received at the machine, the machine may require being restarted to initialize the new machine state. Alternatively, the new machine state may be initialized during run time.

Additionally a method of the preferred embodiment includes the step of receiving a message through an API of the configuration controller S160, which functions to allow outside instructions for management of the computing cluster. The API is preferably a convenient interface for users or systems to access and change the computing cluster system. The API is preferably a RESTful API but may alternatively be any suitable API such as SOAP. Additionally, a user interface may be used as a front end control providing an alternate way for users to interact with the configuration controller through the API. The API is preferably used to alter configuration of a machine or machines. A user and/or an outside system may issue API calls. The API may additionally be used to access information about the computing cluster. The configuration controller, through the communication channels established in S120, preferably has stored and updated information about the machines. Additionally or alternatively the configuration controller may communicate with a machine requesting information. For example, an HTTP GET message using a common HTTP client tools such as curl, piped into an extensible stylesheet language transformation (XSLT) processor, can be used to generate any suitable type of configuration file. The command shown in FIG. 15, could be used with a suitable XSLT file to generate a firewall ruleset allowing access to only running hosts in the cloud. The API may alternatively be used for transferring data, allocating or reprovisioning resources, and/or any suitable cloud computing management. Additionally, a change to one machine may cause the determination of new machine state of a second machine. For example, allocating a new device may require the determination of a new machine state for a load balancer.

2. Method of a Second Embodiment for Managing a Computer Cluster

As shown in FIG. 8, a method 200 for managing a computer cluster of a second preferred embodiment of the invention includes hosting a plurality of machines in a networked computer cluster S210; integrating a plurality of machines of the cluster with at least one configuration controller component S220; and altering the machine state of at least one service instance S250. The method functions to create an interface for easy configuration and/or orchestration of a computing cloud. The steps of the method 200 may be used in any suitable combination with the steps of method 100 above, and any of the variations of two methods may additionally be applied to either of the embodiments. Step S210, S220, and S250 is preferably substantially similar to Step S110, S120, and S150 except as noted below. Method 200 may additionally be applied to a machine or host such that multiple services of a machine may be impacted through one update.

As used in the description of method 200, a service instance preferably runs on a host. A host is preferably a machine that has one or more service instances running on the host machine. A service instance refers to a specific implementation of a service. A service preferably describes a type of module that performs a particular task or tasks within the computing cluster. For a telephony platform, the services of a computing cluster may include call routers, load balancers, call queues, media processors, message routing devices, resource databases, and/or any additional devices. In some variations, a service may be a dependent service. In other words, a first service (i.e., the dependent service) may require at least a second service. The second service may additionally be dependent on other services. The dependencies of services are preferably acyclical. A host may additionally run a load balancer for services that the hosted services depend upon as shown in FIG. 9. If multiple services of a host share a common dependency on a service, then a single load balancer may be used for that service. Each service instance preferably has machine state, but a host may additionally have machine state. As described above, machine state preferably includes configuration data and software (i.e., business logic). The machine state may additionally include operational data and/or any suitable description of the state of a service.

Step S250, which includes updating the machine state of at least one service instance, functions to alter operation of a machine in cluster. Updating may include starting a service instance, stopping a service instance, removing a service instance, updating the version of a service instance, or reverting a version of a service, changing type of service, or any other suitable change. The update is preferably accomplished by sending a new machine state to a service instance. The machine state is preferably versioned so that the new machine state may be supplied through a version controlled version of the machine state. The software and configuration data are preferably version controlled while operational data is preferably automatically updated as shown in FIG. 10. The updating of the machine state may be initiated by an outside entity or alternatively through automatic monitoring.

One variation of the method includes receiving a specified service update S260. An API or interface may be used for users or system to supply new machine state to the configuration controller. The specified service update preferably includes at least one service to update. The update may additionally include a sub-group parameter to update a sub-group of the instances of the specified service. If sub-group parameter is note included, all instances of the specified service are preferably updated with the new machine state. The sub-group parameter may be used to update a particular instance (e.g., using an instance ID), update a fixed number, update a percentage of service instances, update a type of sub-group (e.g., service instance of a particular version number), update a services based on a combination of conditions (e.g., updating either 33% or 20 instances whichever is greater), or updated according to any suitable way of specifying a sub-group.

The method 200 additionally preferably includes identifying service instances S270, which functions to determine which service instances to alter in Step S250. Service instances may be identified by processing a configuration file. The file is preferably describes the architecture of the plurality of machines. In one example a markup language may be used to describe the configuration as shown in FIG. 11. Sub-group parameters may be used to identify the appropriate service instances. Additionally, the Step S270 may include identifying service instances that are dependent on a particular service instance. In this way, when a service instance has machine state altered, all service instances that depend on that service instance are notified of the change. Preferably, a dependency graph is created to show the dependency relationships of the services of a computing cluster as shown in FIG. 12. The dependency graph is preferably acyclical. When building a dependency graph, the configuration of the services may additionally be validated. For example, cycles may be identified and eliminated. When altering machine state in Step S150, the service instances are preferably altered in an order based on the dependency graph. This may be from leaf nodes to dependent services or from dependent services to leaf nodes of the dependency graph. The order may additionally be based on what machine state changes are occurring. In the dependency graph, dependency order follows the connections starting at the leaf nodes. In the variation where there is a load balancer for a service, then that load balancer is preferably updated when the service being load balanced is altered.

In another variation, the method includes monitoring the operation status of machines and/or services of the computing cluster. A scaling parameter is preferably set so that services may be scaled automatically when the scaling parameter is satisfied. The scaling parameter may be threshold, a pattern of events, or any suitable parameter to trigger the altering of service and/or host machine state. Thresholds are preferably set for appropriate operation parameters, and when a machine or a service instance reaches the threshold, scaling of a service may be automatically initiated by altering the machine state of appropriate services. A threshold is preferably set for provisioning and for deprovisioning such that the computing cluster can scale up and down. The configuration controller preferably manages this monitoring, but monitoring may alternatively occur on the machine or by any suitable component. In a telecommunication platform, the computing cluster preferably has very unique scaling requirements as compared to other systems. Large spikes may occur at any time. Telecommunication platforms additionally have a plurality of types of input channels. For example, a telecommunication platform preferably supports voice sessions, messaging, (e.g., SMS and/or MMS), video, and any other suitable type of input channel. The types of input channels typically have different service requirements. Service may be monitored and automatically altered according to the type of input channel. Services that are shared between services may additionally be pooled between types of input channels. The type of input channels of a telecommunication platform may include voice, video, messaging (e.g., SMS or MMS), or any suitable type of input channel.

Additionally, the method may be used to orchestrate a computing cluster being used with sustained session. A sustained session is preferably any suitable session that requires sustained use of a service instance for the duration of the session. Some examples of sustained sessions include voice calls and video streams that occur on telecommunications platforms. A service instance handling an operation for a sustained session is preferably kept at a constant state until all sustained sessions come cease use of that service instance. Preferably, the service instances that are dependent on such a service instance are altered appropriately in preparation, and when the sustained session ends, then the service instance is altered.

3. System for Managing a Computer Cluster

As shown in FIGS. 13 and 14, the system 100 of the preferred embodiment for managing a computer cluster preferably includes a computing cluster 110 and a configuration controller 120. The system functions to provide an interface for easy monitoring and configuration of the computing cluster 110. The configuration controller 120 preferably additionally includes an access application programming interface (API) 122, machine state database 124, and a machine communication system 126. The system 100 may be used with any suitable cloud-computing environment. One preferred embodiment uses the system 100 with a telephony network platform such as the one described in patent application Ser. No. 12/417,630 filed 2 Apr. 2009, titled System and “Method for Processing Telephony Sessions”, which is incorporated in its entirety by this reference.

The computing cluster no of the preferred embodiment functions to provide the base infrastructure a user is wishing to manage. The computing cluster no is preferably composed of a plurality of machines 112 or computing resources/machines. The machines may be identical in setup or may alternatively be composed of a variety of systems such as web servers, voice over internet protocol (VoIP) systems, media processors, load balancers, databases, proxy servers, caches, queues, and/or any suitable computing device and/or storage devices. The computing cluster 110 may be composed of a variety of hardware systems, software platforms, and/or virtual machines. A machine 112 preferably has operation information available to interested parties, preferably access through the configuration controller 120. The operation information preferably includes machine status (e.g., booting, running, shut down, etc.), internal internet protocol (IP) address, external IP, role (e.g., web server, VoIP, load balancer, media processor, etc.), capacity/load, and/or any suitable operation settings or information. A machine 112 preferably manages communication of the operation information and self operation (such as performing roles or changing status). A machine additionally has machine state information. The machine state information preferably includes configuration data, software, and operational data. The configuration data is preferably similar to file system related data. The software is preferably the code or source code executed by the machine. The operational data is resources such as a database, media resources, persistent data, or any suitable data used in operation. The machine state may alternatively include any suitable combination of the configuration data, software, operational data, operational information and/or other machine related data. A machine may alternatively have a parent device that manages, monitors, and communicates operation information of the machine, such as a load balancer in charge of a plurality of resources.

The configuration controller 120 of the preferred embodiment functions to act as an interface to controlling the computing cluster no. The configuration controller functions, to simplify the management and control of a cloud-computing environment. The configuration controller preferably includes an access API 122, a machine state database 124, and a machine communication system 126. The configuration controller additionally includes a state machine engine that generates new machine state of a machine. The inputs to the state machine engine preferably include the old machine state. A plurality of machine states of associated machines may additionally be input into the state machine engine.

The access API 122 preferably functions to act as an interface for interested parties to interact with operation information and change the operation of machines within the computing cluster 110. The access API is preferably a REST API (Representational State Transfer API) as is known in the art, but the access API may alternatively be a SOAP (Simple Object Access Protocol) API or any suitable programmatic communication interface. A REST API preferably follows RESTful practices as is well known in the art. RESTful is understood in this document to describe a Representational State Transfer architecture. RESTful Hypertext Transfer Protocol (HTTP) requests are preferably made to the configuration controller 120. The HTTP requests are preferably stateless, thus each message communicated preferably contains all necessary information for operation of a user command. The configuration controller preferably does not need to remember or store previous communications to be aware of the state. The machines 112, machine state, and related resources are preferably viewed as addressable resources. Consistent with the RESTful conventions, a GET request of a resource may return the current state of a resource, while PUT may update the state, PUT or POST may be used to create a new resource, and DELETE may be used to destroy a resource. The access API 112 can preferably be used by users to access operation information of one or more of the machines in the computing cluster 110. For example, as a REST API a simple HTTP request using the access API 122 can obtain a list of machines, and can preferably filter information on status, role, or any suitable operation information. The operation information is preferably returned in an HTTP response, preferably containing the operation information formatted as xml.

The machine state database 124 preferably functions to store operation information of the machines 112 of the computing cluster 110. The machine state database 124 may be any suitable database or device for storing data such as a mySQL database or an XML file. The machine state database 124 preferably stores a record for each machine 112. The information stored for each machine 112 preferably includes machine state, internal and/or external IP addresses of the machines, status, role(s), capacity/load, and/or any suitable operation information. The database 124 may additionally store a security key 130 for each machine to securely identify a machine 112.

The machine communication system 126 preferably functions to be a communication infrastructure between machines 112 of the computing cluster 110 and the configuration controller 120. The machine communication system 126 is preferably a publishing and subscription service such as pubsub messaging system. As shown in FIG. 8, the pubsub variation of the machine communication system 126 preferably has a number of configured subscriptions and publication channels. The configuration controller 120 preferably subscribes to the notifications published by the machines 112. These notifications preferably include the operation information submitted by the machines. The machines 112 preferably individually subscribe to messages from the configuration controller 120 or any suitable party such as other machines 112. New machine state is preferably communicated from the configuration controller to the machines. There is preferably a hub that the machines and the configuration controller 120 communicate through using the pubsub system. The configuration controller 120 may function as a hub or an outside system may be used as a hub. Additionally, there may be any suitable number of hubs, such as for a system geographically distributed.

Additionally, the system of the preferred embodiment preferably includes a secret key 130 shared by a machine 112 and the configuration controller 120. The secret key 130 is preferably a cryptographic code that uniquely verifies communication between the machine 112 and configuration controller 120. The secret key 130 is preferably supplied at boot time of the machine 112 but may alternatively be established at any suitable time. The secret key 130 is preferably included in communications between a machine 112 and the configuration controller 120.

An alternative embodiment preferably implements the above methods in a computer-readable medium storing computer-readable instructions. The instructions are preferably executed by computer-executable components preferably integrated with a distributed, networked computing cluster with a plurality of machines and a configuration controller. The computer-readable medium may be stored on any suitable computer readable media such as RAMs, ROMs, flash memory, EEPROMs, optical devices (CD or DVD), hard drives, floppy drives, or any suitable device. The computer-executable component is preferably a processor but the instructions may alternatively or additionally be executed by any suitable dedicated hardware device.

As a person skilled in the art will recognize from the previous detailed description and from the figures and claims, modifications and changes can be made to the preferred embodiments of the invention without departing from the scope of this invention defined in the following claims. 

We claim:
 1. A method for managing a telephony platform networked computing cluster hosted at a third party Internet-based multi-tenant computing platform, the method comprising: at a configuration controller that is communicatively coupled to the third party Internet-based multi-tenant computing platform via the Internet: the configuration controller establishing a configuration controller publication channel with a message broker that is constructed to provide machine state via the Internet to a machine that is subscribed to the configuration controller publication channel, the machine being a machine of a plurality of machines of the computing platform, the message broker being constructed to provide machine state notifications received from the machine to the configuration controller, the message broker receiving the machine state notifications via a machine publication channel between the machine and the message broker, establishing the configuration controller publication channel comprising: the configuration controller storing a security key of the machine that is supplied at boot time of the machine and provided to the configuration controller via the message broker, the security key being used to securely identify the machine; responsive to a first instruction received by the configuration controller from an outside system via an application programming interface (API) of the configuration controller, the configuration controller: encrypting first telephony platform computing cluster software with the stored security key, and providing the encrypted first telephony platform computing cluster software to the machine via the configuration controller publication channel, the first telephony platform computing cluster software including software for a first telephony platform service that includes a plurality of telephony call router services, a plurality of dedicated telephony service load balancer services, and a plurality of dependent telephony services, each call router service being communicatively coupled with a dedicated telephony service load balancer service, each load balancer service distributing telephony jobs of the associated telephony call router service to a plurality of dependent telephony services that are managed by the load balancer service, the telephony services including two or more of a media processor service, a routing service, a call queue service, a resource database service, and a proxy service; the configuration controller establishing at least one configuration controller subscription with the message broker to receive machine state notifications of the machine via the Internet, wherein responsive to the machine decrypting the encrypted first telephony platform computing cluster software by using the security key, the machine executes the first telephony platform computing cluster software, and wherein the first telephony platform computing cluster software is constructed to control the machine to: provide at least a portion of the first telephony platform service, subscribe to new machine state published by the configuration controller via the configuration controller publication channel, and publish a machine state notification of the machine to the subscribed configuration controller via the Internet responsive to a change in a machine state of the machine; at the configuration controller, responsive to a published machine state notification of the machine, the notification being received via message broker: updating a machine state database with the machine state notification, calculating new machine state from the machine state notification and machine state stored in the machine state database, the machine state stored in the machine state database including machine state of the plurality of telephony call router services, telephony service load balancer services, and dependent telephony services of the computing cluster, selectively publishing the calculated new machine state to the machine by using the security key, and in a case where the notification is published by a dependent telephony service: identifying the associated telephony service load balancer service by using the machine state database, calculating new machine state for the identified load balancer service, and publishing the calculated new machine state for the load balancer service to a machine of the load balancer service via the configuration controller publication channel, and responsive to a second instruction received by the configuration controller from the outside system via the API of the configuration controller, the configuration controller: encrypting second telephony platform computing cluster software with the stored security key, and providing the encrypted second telephony platform computing cluster software to the machine via the configuration controller publication channel to replace the first telephony platform computing cluster software at the machine, the second telephony platform computing cluster software including software for a second telephony platform service that is different from the first telephony platform service, the machine decrypting the encrypted second telephony platform computing cluster software by using the security key and the machine replacing execution of the first telephony platform computing cluster software with execution of the second telephony platform computing cluster software to provide at least a portion of the second telephony platform service, the first telephony platform service being one of a plurality of telephony platform services including a voice communication service, a messaging communication service, and a video communication service, the second telephony platform service being one of the plurality of telephony platform services that is different from the first telephony platform service, wherein in a case where the configuration controller selectively publishes the calculated new machine state to a machine of a dependent telephony service, the configuration controller publishes the calculated new machine state via a machine of the associated telephony service load balancer service, and wherein machine state of a telephony service load balancer service identifies dependent telephony services of the load balancer, wherein new machine state published by the configuration controller includes at least one of a telephony platform configuration data change, and a telephony platform software change, wherein the configuration controller provides the first telephony platform computing cluster software to the machine via the Internet, receives machine state notifications from the computing platform via the Internet, and publishes new machine state to the computing platform via the Internet, and wherein the outside system is an external system of a user of the computing platform.
 2. The method of claim 1, further comprising sharing common services of at least two input channel types.
 3. The method of claim 1, wherein calculating new machine state comprises the configuration controller running a finite state machine to determine a new machine state.
 4. The method of claim 1, wherein updating a machine state database with the machine state notification comprises storing version history of machine state in a content delivery network, and further comprising the machines of the cluster pulling new versions of machine state from the content delivery network.
 5. The method of claim 1, further comprising in a case where a service subscribed to new machine states of the configuration controller is processing a telephony session, publishing the calculated new machine state to the service after the telephony session ends.
 6. The method of claim 5, further comprising in a case where a service subscribed to new machine states of the configuration controller is processing a telephony session, publishing the calculated new machine state to dependent services of the service.
 7. The method of claim 1, wherein machine state includes dependent services information; and wherein calculating new machine state from the machine state notification and machine state stored in the machine state database further comprises calculating a new machine state of a dependent service following a dependency graph formed from dependent services information in the machine state database.
 8. The method of claim 1, further comprising, at a call router service, receiving calls and executing a telephony application during a telephony session.
 9. The method of claim 1, further comprising, at a call router service, receiving telephony messages and executing telephony applications.
 10. The method of claim 1, wherein each telephony call router service, load balancer service, and dependent telephony service has a configured machine state, and wherein the configured machine state includes service status, service configuration data, software of the service, and dependent service information.
 11. The method of claim 10, further comprising, at the configuration controller, responsive to a published machine state notification of a service to which the configuration controller is subscribed, identifying service instances that are dependent on the service of the published machine state notification and building a dependency graph of services, wherein selectively publishing the calculated new machine state comprises publishing to subscribed services in an order based on the dependency graph.
 12. The method of claim 10, wherein the configuration controller includes an application programming interface (API), the method further comprising: receiving a service update message via the API of the configuration controller, the service update message specifying new machine state for at least one specified service of the computing cluster, the at least one specified service including at least one of a telephony call router service, a dedicated telephony service load balancer service, and a dependent telephony service of the computing cluster, and providing the new machine state of the service update message to the at least one specified service.
 13. The method of claim 12, wherein the API of the configuration controller is a REST API, and wherein the service update message is provided by a system that is external to the telephony platform computing cluster system.
 14. The method of claim 13, further comprising verifying authenticity of published machine state with a shared key.
 15. The method of claim 14, further comprising the services of the computing cluster maintaining at least an instance subscription, a service type subscription, and a status subscription to the configuration controller; and selectively publishing the calculated new machine state comprises: publishing to a service instance through an instance subscription; publishing to a service of a first type through a service type subscription; and publishing to service of a first status through a status subscription.
 16. The method of claim 13, wherein new machine state published by the configuration controller includes at least one of a configuration data change, and a software change.
 17. The method of claim 13, wherein new machine state provided by the configuration controller includes state of a new telephony service, and wherein the configuration controller changes a telephony service of at least one machine of the computing cluster to a new telephony service by publishing new machine state to the at least one machine, wherein each telephony service includes at least one of a telephony call router service, a dedicated telephony service load balancer service, and a dependent telephony service.
 18. The method of claim 13, wherein the configuration controller changes a telephony service of at least one machine of the computing cluster by publishing new machine state to the at least one machine, wherein each telephony service includes at least one of a telephony call router service, a dedicated telephony service load balancer service, and a dependent telephony service, wherein the configuration controller changes the telephony service of the at least one machine according to a type of input channel associated with the telephony service, wherein the type of input channel includes at least one of voice, video, and messaging.
 19. The method of claim 1, wherein the first telephony platform computing cluster software is replaced during operation of the first telephony platform service. 